Reporting
Finally, at the end of testing, it is necessary to report your findings to the client. It's important to ensure that the report matches the quality of your testing. As the client will only see the report, you have to give it as much love and attention as you do to your testing. The following is a guideline to the layout of the report:
Management summary.
Technical summary.
Findings:
Vulnerability description
Severity
Affected devices
Vulnerability type—software/hardware/configuration
Remediation
Appendices.
The management summary should be aimed at talking to a senior nontechnical audience with a focus on the effects and mitigations required at a high level. Avoid language that is too technical and ensure that the root causes are covered.
The technical summary should be a midpoint between the management summary and findings list. It should be aimed at a developer or a technical lead with a focus on how to fix the issues and broad solutions that could be implemented.
The findings list should...